Re: encryption programs

From: Tim Haynes (usenet-20040330_at_stirfried.vegetable.org.uk)
Date: 03/30/04


Date: Tue, 30 Mar 2004 16:06:29 +0100

Matthias Czapla <derlalert@netscape.net> writes:

>> The OP's whole security model seems deeply flawed to me, as he seems
>> to place convenience in use and minimalism of implementation above
>> security.
>
> Hey, I'm still here ;)
>
> Now I'm a bit surprised. Why do you regard it as "deeply flawed"? The only
> difference to any other application of this kind is that the crypto code
> is not directly built in but done by another program. I don't understand
> why this is so bad. I think it's in the spirit of UNIX, keep it simple and
> do exactly one thing and do it good. Why should I reinvent the wheel and
> implement something that's already there and very probably much better
> than my "copy" would be?

Yes, it is an oldish unixy principle to have lots of things doing just one
thing, and well. It's a modern linuxy trend to go the other way
simultaneously, taking little bits of functionality and kludging them
together into bloatware (evolution, OOo, etc).

However, where we think you're doing it sub-optimally is in relying on
another process (executable), because the ways in which the data
(user-inputted password) is conveyed from one to another can only be
insecure (echo "trustno1" | gpg, or somecommand --password=trustno1), which
lead to obvious interception potential - not the sort of hole you want if
you're collating secure information (other passwords!) under one roof. If,
instead, you were to write your program against openssl, then the crypto
functionality would indeed be reused nicely, but you could also keep the
magic words to yourself, within the same process.

> I _did_ place minimalism above convenience first but this has changed.
> After I had actually used my own program I realized that the "decrypt -
> do one thing - encrypt" approach really is annoying in at least two
> cases. One is when adding all existing passwords for the first time and
> the other is when you mistyped something and need to correct this. So
> I finally added an interactive mode.
>
> It's now released and available at http://passwords.sf.net/

Oh right, it *was* you I saw in the freshmeat rss feed the other day... I
might have to take a look, at some stage :)

~Tim

-- 
These are the days when you wish            |piglet@stirfried.vegetable.org.uk
your bed was already made.                  |http://spodzone.org.uk/cesspit/
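
Added example, not part of the original post or of the program discussed: a Linux-only check of whether a secret handed to a helper process ends up in the process list, comparing the `--password=` form with a pipe on stdin. The helper script and the function names are constructed for illustration, and `/proc` is assumed to be mounted.

```python
import subprocess
import sys

SECRET = "trustno1"  # sample password quoted in the post, not a real credential

# Constructed stand-in for the external crypto program: reads one line from
# stdin, then idles long enough to be inspected.
CHILD = "import sys, time; sys.stdin.readline(); time.sleep(30)"


def visible_argv(pid):
    """argv of `pid` as exposed in /proc (what ps shows by default on Linux)."""
    with open(f"/proc/{pid}/cmdline", "rb") as fh:
        return [a.decode(errors="replace") for a in fh.read().split(b"\0") if a]


def secret_in_process_list(via_argv):
    """Start the helper, hand it SECRET one way or the other, and report
    whether SECRET shows up in its command line as listed under /proc."""
    args = [sys.executable, "-c", CHILD]
    if via_argv:
        args.append(f"--password={SECRET}")
    proc = subprocess.Popen(args, stdin=subprocess.PIPE)
    try:
        if not via_argv:
            # Pipe case: the secret travels over stdin, never through argv.
            proc.stdin.write(SECRET.encode() + b"\n")
            proc.stdin.flush()
        return any(SECRET in arg for arg in visible_argv(proc.pid))
    finally:
        proc.kill()
        proc.stdin.close()
        proc.wait()


if __name__ == "__main__":
    print("--password=... visible in process list:", secret_in_process_list(True))
    print("stdin pipe visible in process list:   ", secret_in_process_list(False))
```

This only tests the argv channel. With a pipe the secret stays out of the process list, but it still leaves the calling process, which linking against a crypto library avoids.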

